0

My vps is running Ubuntu 16.04. Recently, I have found a lot of failed ssh connections in /var/log/auth.log. I have enabled fail2ban and disabled password authentication. Now, there are some unnamed processes which use 100 % CPU load in my VPS. Before, I have installed nodejs and npm package using root. Below is output of htop

htop column: PPID SessionID PID username ...

The process 1550 is a child of process 1, it forks many unnamed processes. I think they are bitcoin miners or malwares.
Does anyone know about them ? I'm suspicious of vulnerability in a nodejs package. Thank all !

shang12
  • 101
  • 2
  • I think the question is more suited for [sf] – Liso Apr 04 '20 at 07:36
  • Does this answer your question? [What Can Be Done To Secure Ubuntu Server?](https://askubuntu.com/questions/146775/what-can-be-done-to-secure-ubuntu-server) – karel Apr 04 '20 at 10:34
  • I have read and followed along many tips before. However, it seems there is another vulnerability. And I want to know what above processes are. – shang12 Apr 04 '20 at 11:56

0 Answers0